首页 发现 帮助
登录
OWEALs
/
openssl
镜像自地址 git://git.openssl.org/openssl.git
2
0
派生 0
文件 工单管理 1 Wiki
目录树: 816c2b5a79
分支列表 标签列表
openssl
/
demos
/
ssltest-ecc
/
ECC-RSAcertgen.sh

ECC-RSAcertgen.sh 3.6 KB
文件历史 原始文件

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798 
  1. #!/bin/sh
    2. 

  2. 

  3. # For a list of supported curves, use "apps/openssl ecparam -list_curves".
    4. 

  4. 

  5. # Path to the openssl distribution
    6. 

  6. OPENSSL_DIR=../..
    7. 

  7. # Path to the openssl program
    8. 

  8. OPENSSL_CMD=$OPENSSL_DIR/apps/openssl
    9. 

  9. # Option to find configuration file
    10. 

  10. OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf"
    11. 

  11. # Directory where certificates are stored
    12. 

  12. CERTS_DIR=./Certs
    13. 

  13. # Directory where private key files are stored
    14. 

  14. KEYS_DIR=$CERTS_DIR
    15. 

  15. # Directory where combo files (containing a certificate and corresponding
    16. 

  16. # private key together) are stored
    17. 

  17. COMBO_DIR=$CERTS_DIR
    18. 

  18. # cat command
    19. 

  19. CAT=/bin/cat
    20. 

  20. # rm command
    21. 

  21. RM=/bin/rm
    22. 

  22. # mkdir command
    23. 

  23. MKDIR=/bin/mkdir
    24. 

  24. # The certificate will expire these many days after the issue date.
    25. 

  25. DAYS=1500
    26. 

  26. TEST_CA_FILE=rsa1024TestCA
    27. 

  27. 

  28. TEST_SERVER_CURVE=sect163r1
    29. 

  29. TEST_SERVER_FILE=sect163r1-rsaTestServer
    30. 

  30. TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (sect163r1 key signed with RSA)"
    31. 

  31. 

  32. TEST_CLIENT_CURVE=sect163r1
    33. 

  33. TEST_CLIENT_FILE=sect163r1-rsaTestClient
    34. 

  34. TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (sect163r1 key signed with RSA)"
    35. 

  35. 

  36. # Generating an EC certificate involves the following main steps
    37. 

  37. # 1. Generating curve parameters (if needed)
    38. 

  38. # 2. Generating a certificate request
    39. 

  39. # 3. Signing the certificate request 
    40. 

  40. # 4. [Optional] One can combine the cert and private key into a single
    41. 

  41. #    file and also delete the certificate request
    42. 

  42. 

  43. $MKDIR -p $CERTS_DIR
    44. 

  44. $MKDIR -p $KEYS_DIR
    45. 

  45. $MKDIR -p $COMBO_DIR
    46. 

  46. 

  47. echo "GENERATING A TEST SERVER CERTIFICATE (ECC key signed with RSA)"
    48. 

  48. echo "=============================================================="
    49. 

  49. $OPENSSL_CMD ecparam -name $TEST_SERVER_CURVE -out $TEST_SERVER_CURVE.pem
    50. 

  50. 

  51. $OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \
    52. 

  52.     -keyout $KEYS_DIR/$TEST_SERVER_FILE.key.pem \
    53. 

  53.     -newkey ec:$TEST_SERVER_CURVE.pem -new \
    54. 

  54.     -out $CERTS_DIR/$TEST_SERVER_FILE.req.pem
    55. 

  55. 

  56. $OPENSSL_CMD x509 -req -days $DAYS \
    57. 

  57.     -in $CERTS_DIR/$TEST_SERVER_FILE.req.pem \
    58. 

  58.     -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
    59. 

  59.     -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
    60. 

  60.     -out $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -CAcreateserial
    61. 

  61. 

  62. # Display the certificate 
    63. 

  63. $OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -text
    64. 

  64. 

  65. # Place the certificate and key in a common file
    66. 

  66. $OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -issuer -subject \
    67. 

  67. 	 > $COMBO_DIR/$TEST_SERVER_FILE.pem
    68. 

  68. $CAT $KEYS_DIR/$TEST_SERVER_FILE.key.pem >> $COMBO_DIR/$TEST_SERVER_FILE.pem
    69. 

  69. 

  70. # Remove the cert request file (no longer needed)
    71. 

  71. $RM $CERTS_DIR/$TEST_SERVER_FILE.req.pem
    72. 

  72. 

  73. echo "GENERATING A TEST CLIENT CERTIFICATE (ECC key signed with RSA)"
    74. 

  74. echo "=============================================================="
    75. 

  75. $OPENSSL_CMD ecparam -name $TEST_CLIENT_CURVE -out $TEST_CLIENT_CURVE.pem
    76. 

  76. 

  77. $OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \
    78. 

  78. 	     -keyout $KEYS_DIR/$TEST_CLIENT_FILE.key.pem \
    79. 

  79. 	     -newkey ec:$TEST_CLIENT_CURVE.pem -new \
    80. 

  80. 	     -out $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
    81. 

  81. 

  82. $OPENSSL_CMD x509 -req -days $DAYS \
    83. 

  83.     -in $CERTS_DIR/$TEST_CLIENT_FILE.req.pem \
    84. 

  84.     -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
    85. 

  85.     -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
    86. 

  86.     -out $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -CAcreateserial
    87. 

  87. 

  88. # Display the certificate 
    89. 

  89. $OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -text
    90. 

  90. 

  91. # Place the certificate and key in a common file
    92. 

  92. $OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -issuer -subject \
    93. 

  93. 	 > $COMBO_DIR/$TEST_CLIENT_FILE.pem
    94. 

  94. $CAT $KEYS_DIR/$TEST_CLIENT_FILE.key.pem >> $COMBO_DIR/$TEST_CLIENT_FILE.pem
    95. 

  95. 

  96. # Remove the cert request file (no longer needed)
    97. 

  97. $RM $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
    98. 

  98.